Merge: * DNS: nxdomain: don't return IP address for a blocked domain
Close #1284 * commit 'b01af453cc27cdb89ac0482ec68108ec8a2835a5': + client: handle default blocking mode * config: set "default" blocking mode by default * DNS: nxdomain: don't return IP address for a blocked domain
This commit is contained in:
commit
e7e946faa6
@ -831,7 +831,7 @@ Response:
|
||||
{
|
||||
"protection_enabled": true | false,
|
||||
"ratelimit": 1234,
|
||||
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_ipv4": "1.2.3.4",
|
||||
"blocking_ipv6": "1:2:3::4",
|
||||
"edns_cs_enabled": true | false,
|
||||
@ -848,7 +848,7 @@ Request:
|
||||
{
|
||||
"protection_enabled": true | false,
|
||||
"ratelimit": 1234,
|
||||
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_ipv4": "1.2.3.4",
|
||||
"blocking_ipv6": "1:2:3::4",
|
||||
"edns_cs_enabled": true | false,
|
||||
@ -859,6 +859,12 @@ Response:
|
||||
|
||||
200 OK
|
||||
|
||||
`blocking_mode`:
|
||||
* default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule
|
||||
* NXDOMAIN: Respond with NXDOMAIN code
|
||||
* Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)
|
||||
* Custom IP: Respond with a manually set IP address
|
||||
|
||||
`blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`.
|
||||
|
||||
|
||||
|
@ -191,6 +191,7 @@
|
||||
"query_log_retention_confirm": "Are you sure you want to change query log retention? If you decrease the interval value, some data will be lost",
|
||||
"dns_config": "DNS server configuration",
|
||||
"blocking_mode": "Blocking mode",
|
||||
"default": "Default",
|
||||
"nxdomain": "NXDOMAIN",
|
||||
"null_ip": "Null IP",
|
||||
"custom_ip": "Custom IP",
|
||||
@ -203,7 +204,10 @@
|
||||
"rate_limit_desc": "The number of requests per second that a single client is allowed to make (0: unlimited)",
|
||||
"blocking_ipv4_desc": "IP address to be returned for a blocked A request",
|
||||
"blocking_ipv6_desc": "IP address to be returned for a blocked AAAA request",
|
||||
"blocking_mode_desc": "<0>NXDOMAIN – Respond with NXDOMAIN code;</0> <0>Null IP – Respond with zero IP address (0.0.0.0 for A; :: for AAAA);</0> <0>Custom IP - Respond with a manually set IP address.</0>",
|
||||
"blocking_mode_default": "Default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule",
|
||||
"blocking_mode_nxdomain": "NXDOMAIN: Respond with NXDOMAIN code",
|
||||
"blocking_mode_null_ip": "Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)",
|
||||
"blocking_mode_custom_ip": "Custom IP: Respond with a manually set IP address",
|
||||
"upstream_dns_client_desc": "If you keep this field empty, AdGuard Home will use the servers configured in the <0>DNS settings</0>.",
|
||||
"source_label": "Source",
|
||||
"found_in_known_domain_db": "Found in the known domains database.",
|
||||
|
@ -83,7 +83,11 @@ let Form = ({
|
||||
<Trans>blocking_mode</Trans>
|
||||
</label>
|
||||
<div className="form__desc form__desc--top">
|
||||
<Trans components={[<div key="0">text</div>]}>blocking_mode_desc</Trans>
|
||||
{Object.values(BLOCKING_MODES).map(mode => (
|
||||
<li key={mode}>
|
||||
<Trans >{`blocking_mode_${mode}`}</Trans>
|
||||
</li>
|
||||
))}
|
||||
</div>
|
||||
<div className="custom-controls-stacked">
|
||||
{getFields(processing, t)}
|
||||
|
@ -359,6 +359,7 @@ export const QUERY_LOG_INTERVALS_DAYS = [1, 7, 30, 90];
|
||||
export const FILTERS_INTERVALS_HOURS = [0, 1, 12, 24, 72, 168];
|
||||
|
||||
export const BLOCKING_MODES = {
|
||||
default: 'default',
|
||||
nxdomain: 'nxdomain',
|
||||
null_ip: 'null_ip',
|
||||
custom_ip: 'custom_ip',
|
||||
|
@ -39,7 +39,7 @@ const dnsConfig = handleActions(
|
||||
{
|
||||
processingGetConfig: false,
|
||||
processingSetConfig: false,
|
||||
blocking_mode: BLOCKING_MODES.nxdomain,
|
||||
blocking_mode: BLOCKING_MODES.default,
|
||||
ratelimit: 20,
|
||||
blocking_ipv4: DEFAULT_BLOCKING_IPV4,
|
||||
blocking_ipv6: DEFAULT_BLOCKING_IPV6,
|
||||
|
@ -727,10 +727,6 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||
case dnsfilter.FilteredParental:
|
||||
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
|
||||
default:
|
||||
if result.IP != nil {
|
||||
return s.genResponseWithIP(m, result.IP)
|
||||
}
|
||||
|
||||
if s.conf.BlockingMode == "null_ip" {
|
||||
switch m.Question[0].Qtype {
|
||||
case dns.TypeA:
|
||||
@ -746,8 +742,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||
case dns.TypeAAAA:
|
||||
return s.genAAAARecord(m, s.conf.BlockingIPAddrv6)
|
||||
}
|
||||
|
||||
} else if s.conf.BlockingMode == "nxdomain" {
|
||||
return s.genNXDomain(m)
|
||||
}
|
||||
|
||||
if result.IP != nil {
|
||||
return s.genResponseWithIP(m, result.IP)
|
||||
}
|
||||
return s.genNXDomain(m)
|
||||
}
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func checkBlockingMode(req dnsConfigJSON) bool {
|
||||
bm := req.BlockingMode
|
||||
if !(bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") {
|
||||
if !(bm == "default" || bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") {
|
||||
return false
|
||||
}
|
||||
|
||||
|
@ -161,7 +161,7 @@ var config = configuration{
|
||||
StatsInterval: 1,
|
||||
FilteringConfig: dnsforward.FilteringConfig{
|
||||
ProtectionEnabled: true, // whether or not use any of dnsfilter features
|
||||
BlockingMode: "null_ip", // mode how to answer filtered requests
|
||||
BlockingMode: "default", // mode how to answer filtered requests
|
||||
BlockedResponseTTL: 10, // in seconds
|
||||
Ratelimit: 20,
|
||||
RefuseAny: true,
|
||||
|
@ -1075,6 +1075,7 @@ definitions:
|
||||
blocking_mode:
|
||||
type: "string"
|
||||
enum:
|
||||
- "default"
|
||||
- "nxdomain"
|
||||
- "null_ip"
|
||||
- "custom_ip"
|
||||
|
Loading…
Reference in New Issue
Block a user